Reports: Cyberattacks breached at least a dozen power plants, including nukes

Dive Brief:

Cyberattacks from a foreign government recently breached a dozen or more U.S. power plants, including conventional and nuclear generators, multiple media outlets report.

The U.S. Department of Homeland Security and the Federal Bureau of Investigation have issued a report noting the Wolf Creek Nuclear station in Kansas was among facilities targeted, according to the New York Times. The report is said to contain an urgent amber warning, the second-highest threat rating.

Bloomberg reports that Russia is a chief suspect in the hacking, though other outlets did not name a potential source of the attacks and some analysts warn attribution is premature.

Dive Insight:

Other outlets said that conclusion could be premature. E&E News reports that none of the "dozens" of federal workers and utility and cyber experts it interviewed in recent weeks gave any indication of where the attack came from.

Robert Lee, the CEO of security firm Dragos, took to Twitter last night to tamp down the Russia talk:

The details of the case aren't even public yet. Half of this is gossip theater. Attribution is NOT POSSIBLE yet.

First reported by E&E News, the event has been code named "Nuclear 17," and it now appears to be more widespread than previously thought. Importantly, however, no attacks successfully penetrated plants' operational controls, and many were directed at corporate systems that are often unconnected to those controls.

According to the Times, some attacks targeted specific people — engineers with control system access. E&E reports many of the attackers used a "watering hole" technique, where they plant malicious code on websites likely to be visited by workers.

Cybersecurity is increasingly a focus in the power sector in the wake of a successful attack in Ukraine last year which resulted in a widespread blackout and Russian interference in the 2016 U.S. elections.

Galina Antova, co-founder of Claroty, which focuses on industrial control system security, told Bloomberg that "we’re moving to a point where a major attack like this is very, very possible."

Once hackers are into a plant's control systems, typically accessible through the facility's regular computer network, "then the basic security mechanisms you’d expect are simply not there," she said.

Bloomberg also has some details on the attack targeting Wolf Creek: Though it was unsuccessful, hackers reportedly used stolen credentials of a senior engineer at the plant.

In May, Dragos issued a report concluding malware that was used in a 2015 cyberattack resulting in power outages in Ukraine could be modified by developers to target the United States. The firm said the malware, named "CrashOverride," was sophisticated — and just the second industrial control system-tailored malware to target physical industrial processes.